CloudTask's EU-U.S. Privacy Shield Framework Statement
Effective as of May 25, 2018
CloudTask, LLC. (“CloudTask”, “we”, “us” or “our”) has certified aspects of our services and website, for which we act as a data processor, under both the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shields”). For more information on the Privacy Shields, please visit the U.S. Department of Commerce’s Privacy Shield website at: https://www.privacyshield.gov/welcome. Our certifications can be found here
The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal data. You can review current European Commission adequacy decisions here. To transfer data from the EEA to other countries, such as the United States, we comply with legal frameworks that establish an equivalent level of protection with EU law.
We commit to periodically review and verify the accuracy of our policies and our compliance with the Privacy Shields. If there is any conflict between the Privacy Shields and our policies (including this Framework Statement), the principles of the Privacy Shields shall govern where applicable.
We adhere to the principles of the Privacy Shields with respect to personal data provided by (i) visitors to our website, (ii) users of our services (i.e., subscribers to any of our content marketing campaigns), and (iii) information collected from visitors to the websites of our users. Since we are generally just a conduit for information requested by our clients, it’s our customers and their users who control the content transmitted across our network (e.g. images, written content, graphics etc.). To the extent that we merely transmit, route, switch or cache information on behalf of our customers, we may instead rely upon such customer to comply with underlying legal requirements with respect to such processing, as permitted under the Privacy Shields.
We provide web optimization and other sales and marketing services that our customers use. These services include features such as a content distribution network, DDoS protection, WAF, SSL certificates and data analytics regarding their websites and visitors to their websites. In providing these features, we may gather certain information regarding the use of our sites and our customers’ websites, and process data submitted by our customers or which we are instructed to process on their behalf. While it’s not up to us which data we receive, it typically includes items such as contact information, IP addresses, security fingerprints, DNS log data, and website performance data derived from browser activity.
PURPOSE OF DATA PROCESSING
We process data submitted by our customers for the purpose of providing and developing our online web optimization and security services. To fulfill this purpose, we may process personal data submitted to us by our customers to provide such services, to address technical and security issues, to prevent fraud, to improve these services, to follow our customers’ instructions, or in response to contractual or legal requirements.
EU EMPLOYEE DATA
We may process human resources data of our existing, potential or former employees from the EU to enable our employment relationship under the EU-U.S. Privacy Shield Framework. We commit to cooperate with European data protection authorities, including with respect to the Supplemental Principles, with regard to human resources data transferred from the EU in the context of our employment relationship, and to comply with the advice given by such authorities with respect to such data.
INQUIRIES AND COMPLAINTS
If you believe that we maintain copies of your personal data within the scope of the Privacy Shields, you may direct any inquiries to firstname.lastname@example.org. We will respond to your inquiry within 45 days of receipt and verification of your identity. If we fail to respond during that time, or if we don’t address your concern, you may contact TrustArc (formerly known as TRUSTe), our U.S.-based third-party dispute resolution provider, for disputes relating to our compliance (free of charge) at https://feedback-form.truste.com/watchdog/request. If neither we nor Trust Arc is able to resolve your complaint, as a last resort you may engage in binding arbitration through the Privacy Shield Panel.
THIRD PARTIES WHO MAY RECEIVE PERSONAL DATA
We may use a limited number of third-party service providers to assist us in providing services to our customers or to meet internal business needs. These providers may provide services such as billing systems, contract and account management, customer support, relationship management and other technical operations. These third parties may access, process, or store personal data in the course of providing their services. We maintain contracts with these third parties to restrict their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, and we may be liable for such parties if they fail to meet these obligations.
RIGHTS TO ACCESS AND LIMIT USE OF DATA
Individuals located in the EU, EEA, or Switzerland, if applicable, have rights to access personal data about them, and to limit the use and disclosure of such data. We take our privacy obligations extremely seriously and have committed to respect these rights. Because our personnel has limited ability to access data submitted to us by our clients, if you wish to request access to, or to limit use or disclosure of data, please provide the name of the party who submitted your data to our services, and state whether it was yourself or a third party. We will refer your request to that third party, if appropriate, and reasonably support them in responding to your request.
ENFORCEMENT AND REQUIRED DISCLOSURE
Our commitments under the Privacy Shields are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of disclosure.